Agent Client Collector certificate error

PraneethSoz · ‎12-12-2024

Hi,

We are about to place ACC visibility for Linux machines, During the set up after installing the ACC-F we are facing the error below

"2024-12-10T12:56:14.34 [ERROR] [agent] [tls: failed to verify certificate: x509: cannot validate certificate for xx.xx.xx6.15 because it doesn't contain any IP SANs] reconnection attempt failed to the url: wss://xx.xx.xx6.15:443/ws/events, using api-key authentication failed"

I am not sure how to check the proper certification for ACC listener. Please let me know what should I need to do to resolve this.

@Severin Launiau @pratik0306 @Allen Andreas @SK Chand Basha @Sohail Khilji

Regards

Praneeth

SK Chand Basha · ‎12-12-2024

Hi @PraneethSoz

Refer this below KB

https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1122613

https://www.servicenow.com/community/itom-forum/securing-mid-server-agent-client-collector-agents-tl...

Severin Launiau · ‎01-08-2025

@PraneethSoz: it seems there is a mismatch between the wss you configured in the acc.yml and the certificate presented by your MID server. Generally speaking, use DNS A or CNAME records and avoid hardcoding IP addresses. If you are using a load-balancer and you are unsure about what's in there, just open a web browser on that url (using https instead of wss) and look at the certificate presented there. See if there is a Subject Alternative Name in the certificate extension. For a deeper dive, the doc "All about TLS" in the attachments of KB1122613. I provided specific commands for troubleshooting.